
Laravel authenticate users when their school is active

We are making a Laravel project that is for schools. We have a database for schools, and inside it are the users, like teachers, staff, etc. My problem is: how do I prevent a specific user from a specific school from logging in when their school's status is marked as 0 (inactive) in our database?

Schools table

```
+-------------+------------------+------+-----+---------+----------------+
| Field       | Type             | Null | Key | Default | Extra          |
+-------------+------------------+------+-----+---------+----------------+
| id          | int(10) unsigned | NO   | PRI | NULL    | auto_increment |
| name        | varchar(191)     | NO   | UNI | NULL    |                |
| description | text             | NO   |     | NULL    |                |
| logo        | varchar(191)     | YES  |     | NULL    |                |
| status      | int(11)          | NO   |     | 1       |                |
| updated_by  | varchar(191)     | YES  |     | NULL    |                |
| created_at  | timestamp        | YES  |     | NULL    |                |
| updated_at  | timestamp        | YES  |     | NULL    |                |
+-------------+------------------+------+-----+---------+----------------+
```

Users table

```
+----------------+------------------+------+-----+---------+----------------+
| Field          | Type             | Null | Key | Default | Extra          |
+----------------+------------------+------+-----+---------+----------------+
| id             | int(10) unsigned | NO   | PRI | NULL    | auto_increment |
| name           | varchar(191)     | NO   |     | NULL    |                |
| email          | varchar(191)     | NO   | UNI | NULL    |                |
| password       | varchar(191)     | NO   |     | NULL    |                |
| role           | int(11)          | NO   |     | 0       |                |
| school_id      | int(11)          | NO   |     | NULL    |                |
| gender         | int(11)          | NO   |     | 1       |                |
| birthdate      | date             | YES  |     | NULL    |                |
| address        | varchar(191)     | NO   |     |         |                |
| phone          | varchar(191)     | YES  |     | NULL    |                |
| remember_token | varchar(100)     | YES  |     | NULL    |                |
+----------------+------------------+------+-----+---------+----------------+
```

LoginController.php

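```php
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;

class LoginController extends Controller
{
    // Provides the login(), attemptLogin() and authenticated() methods.
    use AuthenticatesUsers;

    /**
     * Where to redirect users after login.
     *
     * @var string
     */
    // protected $redirectTo = '/admin';

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        // $this->middleware('guest')->except('logout');
    }
}
```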

User model

```php
public function schools()
{
    return $this->belongsTo('App\School', 'school_id');
}
```

School model

```php
public function users()
{
    return $this->hasMany(User::class);
}
```

My LoginController only uses the AuthenticatesUsers trait and I don't know how to override it or make a new function for me. Thanks in advance.

I suggest creating a middleware for the login route that will check the status value of the user's school. If it's not valid, you should handle it, for example by throwing an exception back to the user saying that the school is inactive.

More about it here: https://laravel.com/docs/master/middleware


Updated:

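```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Contracts\Auth\Guard;

class Authenticate
{
    /**
     * The Guard implementation.
     *
     * @var Guard
     */
    protected $auth;

    /**
     * Create a new filter instance.
     *
     * @param \Illuminate\Contracts\Auth\Guard $auth
     */
    public function __construct(Guard $auth)
    {
        $this->auth = $auth;
    }

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request $request
     * @param  \Closure                 $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        // This class is registered under the 'auth' key, so it must still
        // reject guests; there is no user to read a school from either.
        if ($this->auth->guest()) {
            return response('Unauthorized.', 401);
        }

        // The relation lives on the User model, not on the guard. Reading it
        // as a property ($user->schools) returns the School model or null.
        $school = $this->auth->user()->schools;

        if ($school === null || $school->status == 0) {
            return response('School is inactive!', 401);
        }

        return $next($request);
    }
}
```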

And add the newly created middleware to the App\Http\Kernel.php class.

Add the following line to the `$routeMiddleware` variable:

```php
// The class name must match the namespace declared in the middleware file.
'auth' => \App\Http\Middleware\Authenticate::class,
```

Now the last thing to do is to add the 'auth' key to the Route group.

```php
Route::group([
    'middleware' => ['auth'],
], function () {
    // your routes
});
```

You could override the attemptLogin function to also check for this field.

```php
protected function attemptLogin(Request $request)
{
    //
    // Query the school status here and return false if status === 0.
    //

    return $this->guard()->attempt(
        $this->credentials($request), $request->filled('remember')
    );
}
```
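
One way to fill in the school check in `attemptLogin`, as an added example (not code from the answer above or from Laravel itself). It assumes the question's `App\User` model with its `schools()` relation and Laravel's default `App\Http\Controllers\Auth` namespace; `schoolIsActive()` is a hypothetical helper, and treating a missing school row as inactive is a choice made here.

```php
<?php

namespace App\Http\Controllers\Auth; // assumption: Laravel's default location

use App\Http\Controllers\Controller;
use App\User;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;

class LoginController extends Controller
{
    use AuthenticatesUsers;

    /**
     * Attempt the login, refusing users whose school is inactive.
     */
    protected function attemptLogin(Request $request)
    {
        // username() is the login column used by AuthenticatesUsers ("email" by default).
        $user = User::where($this->username(), $request->input($this->username()))->first();

        if ($user !== null && ! $this->schoolIsActive($user)) {
            // false takes the normal failed-login path: the attempt is counted by the
            // throttle and the form shows the same message as for a wrong password.
            return false;
        }

        return $this->guard()->attempt(
            $this->credentials($request), $request->filled('remember')
        );
    }

    /**
     * Hypothetical helper: true only when the user's school exists and is not
     * marked inactive (status 0). A missing school row is treated as inactive.
     */
    protected function schoolIsActive(User $user)
    {
        $school = $user->schools; // belongsTo relation from the question's User model

        // Cast because some database drivers return integer columns as strings.
        return $school !== null && (int) $school->status !== 0;
    }
}
```

This check runs only when the login form is submitted, so a session or remember-me cookie issued before the school was deactivated is not affected by it.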

In LoginController you can override the authenticated method; this function fires when the user has successfully signed in.

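```php
public function authenticated(Request $request, $user)
{
    // Read the relation as a property ($user->schools) to get the School model;
    // schools() returns the relation object, which has no status attribute.
    // Cast because some database drivers return integer columns as strings.
    if ((int) $user->schools->status === 0) {
        Auth::logout(); // logout() takes no arguments

        abort(403, 'Your school is not active.');
    }
}
```
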
  1. I'm assuming here that you've set up relationships; if not, then just select the school in which the user is enrolled and check from that.
  2. The reason why I suggest overriding the authenticated method as opposed to other methods is that at this point you know the user has signed in correctly, so it is the correct place to handle it as opposed to the attemptLogin.

Use a join query. Just add school_id in the users table. For example:

```php
self::join('schools', 'schools.id', '=', 'users.school_id')
    ->where('users.school_id', $id)->where('schools.status', 0)
```
